
Risk managers want to transfer cyber risk

17 July 2018

Risk managers have expressed a strong desire to transfer cyber exposures to insurers, amid growing concern for technology-related risks, according to a survey of Airmic members carried out in partnership with JLT Specialty.

Cyber and IT-related risks have emerged as the top concerns for Airmic members, according to its survey. Cyber risk was ranked among the top three concerns by 39% of respondents, second only to reputation at 41%. However, risk managers expect cyber will overtake reputation and take the top spot within the next three years.

Airmic says that one of the common challenges facing all companies is how to embrace fast-evolving digital technology. The threat of competitors using new technology and business models to gain market share is another rapidly emerging concern, chosen by 21%, with 30% expecting it to feature in three years’ time.

UNDER-PREPARED

Many risk managers feel that their organisations are ill-prepared to confront cyber risk. Only one-third are confident that their main cyber risks have been identified and quantified, while less than half (44%) are confident that their organisation has prepared for a cyber incident and only 25% say that their data assets have been mapped and protected.

According to Airmic, this lack of preparedness is a concern. Only 22% strongly agree that the board has sufficient knowledge and understanding of cyber risks. When it comes to third-party cyber risks, the picture is darker still, with only 15% strongly agreeing that these are being managed in their organisations.

REACHING OUT

The Airmic survey also showed a growing desire to engage with insurers on cyber risk. Three-quarters of risk managers surveyed by Airmic buy standalone cyber insurance. Transferring risk through insurance is favoured for a number of risks whose origins sit outside the direct control of the company, and which are therefore harder to mitigate directly, according to Airmic. Cyber business interruption is the third most desirable risk to transfer, after natural catastrophes and terrorism.

Some 45% of those surveyed say transferring data breach risk to the insurance market was their preferred mitigation approach, compared with 41% who would prefer to reduce their exposure. For cyber business interruption, 49% would prefer to transfer the risk, while just 33% would look to reduce exposure.

MORE ASSISTANCE

According to Airmic, there are a number of areas where risk managers would like help from insurers. Asked where they would like to see insurers develop services in response to data breaches, 58% of respondents show an overwhelming preference for support with responding to the data loss, while 48% would like insurers to increase their offering around cyber business interruption.

Airmic also says cyber insurance has matured in recent years and that risk managers are no longer concerned about capacity, cover and limits. However, consistency of cyber definitions and coverage remains an issue.

The Airmic findings echo a recent regional survey by JLT Asia, which found increasing demand for cyber insurance in Asia Pacific. JLT Asia reported a 95% increase in the number of policies and an 80% increase in premiums in 2017, driven by increased awareness of cyber risk and a number of high-profile data breaches in the region. Some 80% of cyber policies sold by JLT Asia in 2017 were standalone, while 20% were blended cyber and professional indemnity cover.

Similar to the Airmic survey, JLT Asia identified an increased interest in cyber business interruption. 90% of clients with limits over USD 5 million now purchase business interruption cover, as they realise that much of their day-to-day business operations is reliant on potentially vulnerable IT infrastructure and interconnectivity issues.

Jardine Lloyd Thompson Group plc

Jardine Lloyd Thompson Group plc, incorporated and registered in England and Wales. Registered Office at The St Botolph Building, 138 Houndsditch, London, EC3A 7AW. Registered number 1679424. Jardine Lloyd Thompson Group plc is a holding company, some of whose subsidiaries are authorised and regulated by the Financial Conduct Authority.